Container, Docker, and

Kubernetes & Microservices

IF5122-Software Construction
Dr. Agung Dewandaru
Why Microservice
• Dividing task for multiple teams
• Fault – tolerant
• Scale quickly
What is Microservice
• Architectural Pattern
• DEFINITION A microservice is a tiny and
independent software process that runs
on its own deployment schedule and can
be updated independently.
Microservice Overview
What is wrong with Monolith
• Monolith = an entire application that runs in a single process
Microservices Pros
• Allows for fine-grained control-Microservices allow us to build an
application with fine-grained control over scalability
• Minimizes deployment risk-Microservices help us minimize deployment
risk while maximizing the pace of development
• Lets you choose your own tech stack-Microservices allow us to choose the
right stack for the task at hand so that we aren’t constrained to a single
tech stack

Microservices Cons
• Microservices are more difficult
• People often fear complexity
Microservices and SOA
• Similarities
• Made of loosely coupled , reusable, independent components
• Main Difference is in scope: Microservices is for Application, not
Enterprise
Tools
• Docker —To package and deploy services
• Docker Compose —To test microservices application on the
development workstation
• Kubernetes —To host application in the cloud
• Terraform —To build cloud infrastructure, Kubernetes cluster, and
deploy application
First Iteration
What is Container
• Based on LXC
• In between chroot
and full fledged VM
• The goal of LXC is to
create an
environment as close
as possible to a
standard Linux
installation but
without the need for
a separate kernel.
• Lightweight OS
Sharing
• Comparison with VMs
Docker is a Container Orchestration
Technology
• Managing lifecycles
of containers
• Creation of images
• Creation of
containers from
images
• Packaging of images
• Lightweight
• Makes it easy to scale
Some sample commands
• Docker run hello-world
• Docker run = Docker create (image) [pull if necessary] + start
• Docker start = starting an image
• Docker exec = running program inside container
• Docker images = enlist all image in local system
• Docker pull = Pull image from hub
• Docker rmi = remove image
• Docker rm = remove container
 ① Sets the base image for our new
Dockerfile image. This allows us to produce new
images based on existing images.

② Sets the directory in our image.

• Textfile format Other paths are relative to this.

• Contains instructions to build an image ③ Copies the Node.js package.json

• Optionally start FROM Base Image file into the image

• Optionally copy from filesystem to the ④ Installs only the production

dependencies using npm
image
⑤ Copies the source code for our
microservices

⑥ Copies our sample video

⑦ Starts the microservice using the

“npm start” convention (see the
previous chapter)
Docker Build
Docker-compose
• For Multiple Containers
• Avoid having to build and run every
container
• For microservices, typically needs more than
one containers!
Kubernetes
• Computing platform to manage container-based applications
• Initiated by Google
• Turned over community as open source
• Has automatable API
• Scalable
• Supported by all major players
Kubernetes Basic Structure: pods, nodes, and
cluster (1)
A Pod (as in a pod of whales or pea pod)
is a group of one or more containers, with
shared storage and network resources,
and a specification for how to run the
containers.

In terms of Docker concepts, a Pod is

similar to a group of Docker containers
with shared namespaces and shared
filesystem volumes.

Every Pod gets its own IP address. This

means you do not need to explicitly
create links between Pods and you
almost never need to deal with mapping
container ports to host ports.
Kubernetes Basic Structure: pods, nodes, and
cluster (2)
• Kubernetes runs your workload by placing
containers into Pods to run on Nodes. A node
may be a virtual or physical machine, depending
on the cluster.
• Typically, you have several nodes in a cluster; in
a learning or resource-limited environment, you
might have only one node.
• The API server is a component of the
Kubernetes control plane that exposes the
Kubernetes API. The API server is the front end
for the Kubernetes control plane.
• etcd: Consistent and highly-available key value
store used as Kubernetes' backing store for all
cluster data.
• The kubelet is the primary "node agent" that runs on each node.
It can register the node with the API server using one of:
• the hostname;
• a flag to override the hostname; or
• specific logic for a cloud provider.
Kubernetes AutoScaling (1)
• Methods:
• Pod-based Scaling:
• using HorizontalPodAutoscaler (HPA) or
• Vertical Pod Autoscaling (VPA)
• Node based Scaling: using Cluster Autoscaler
• HorizontalPodAutoscaler automatically updates a
workload resource (such as
a Deployment or StatefulSet), with the aim of
automatically scaling the workload to match demand.
• Horizontal scaling means that the response to
increased load is to deploy more Pods. This is different
from vertical scaling, which for Kubernetes would
mean assigning more resources (for example: memory
or CPU) to the Pods that are already running for the
workload.
Kubernetes AutoScaling (2)
• The cluster autoscaler changes the number of cluster nodes, while HPA scales the number of running cluster pods.
• Cluster autoscaler seeks unschedulable pods and tries to consolidate pods that are currently deployed on only a few nodes.
It loops through these two tasks constantly.
• Limitation
• Cluster autoscaler only supports certain managed Kubernetes platforms
• Cluster autoscaler does not support local PersistentVolumes. You cannot scale up a size 0 node group for pods requiring ephemeral-storage when using local SSDs.
Minikube
• For practicing Kubernetes in easy manner
• Local single-node installation for practice
• After install, issue:
• minikube start
• minikube dashboard
• Other commands:
• minikube stop
• minikube delete
Auth in stateless HTTP
Do we really need to
authenticate every time
request is made?
Auth using Server Side Session
• What if we
need to scale
the server?
JWT
• JWT is a token based stateless authentication mechanism. Since it is a
client-side based stateless session, server doesn’t have to completely
rely on a datastore(database) to save session information.
• Each token is self-contained, this means it contains all information
needed to allow or deny any given requests to an API. To understand
how we can verify a token and how authorization happens, we need
to take a step back and look into a JWT.
• Anatomy:
• Header.Payload.signature
Anatomy
 • Every separate
With JWT microservice
can now use
the token and
its payload to
perform service